CVE-2018-18654

NameCVE-2018-18654
DescriptionCrossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs911877

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
crossroads (PTS)jessie2.65-1.1vulnerable
stretch2.81-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
crossroadssource(unstable)(unfixed)unimportant911877

Notes

Issue exploitable only during build of package
Search for package or bug name: Reporting problems